> > > Yes. To explain my setup further, there is a view based on
> > > src-IPs for some clients, where recursion is turned on.
> > > The rest of the world gets non-recursive answers, e.g. with
> > > authoritative data, or refused.
> > > 
> > > In case of that specfic forward zone, bind answers in the
> > > non-recursive case with a referal to itself (there is only one
> > > public IP), which is causing a loop, as there is no way to
> > > specify a different port in the DNS protocol (AFAIK)

> On Fri, Oct 01, 2010 at 11:25:31AM +0200, Kalman Feher wrote:
> > This is the problem and the reason I agree with Kevin.  The referral is
> > correct behaviour. Your DNS set up is wrong. You have 2 choices and a third

On 01.10.10 12:39, Joerg Dorchain wrote:
> Well, I could agree agree that "wrong" means not thought of by
> RfC-Designers and bind implementators (yet).

probably it was not thought because it's wrong. 

> > less palatable option:
> > 
> > 1. Make the other DNS software available on another IP. So normal DNS
> > behaviour works.
> Hm, this is not too easy in practice, but of course optimal solution.
> IPv6 will help here, I hope.

I don't think this will solve the problem, it will just be a workaround for

> > 2. Add the zone as a slave within your authoritative view. (this option may
> > be the easiest for your situation).
> Not feasible as it contains dynamically generated content,
> typically with a TTL of 0.

this strongly indicates that there's something broken in your DNS. The DNS
is not designed to provide anything that short-lived, the whole DNS
architecture is based on cachind.

Are you doing any kind of DNS-based load balancing?
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Enter any 12-digit prime number to continue.
bind-users mailing list

Reply via email to